dbf713e64f0cf5bb6f2127fab23c65c4_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

dbf713e64f0cf5bb6f2127fab23c65c4_JaffaCakes118
Size

87KB
MD5

dbf713e64f0cf5bb6f2127fab23c65c4
SHA1

a2fddb09294854847eea6960ce24c6a0bb4647de
SHA256

998ac5b58ee67b0e967fc78b1c22d3dea663e85e7d8aa3fa7d20c1f982486895
SHA512

983879e8d5dde1e7ad8b1c9e3c172431b4035a27641a8bc79cbdfa6d89dd893f56d00c5cc1d9da9d1057307a07aa5777252f732eea3687bf1820d78912488d54
SSDEEP

1536:n9Cz1yaRzTPcw2Cy7j/Rh0joGsAw7fsna5HWtObV1FGCHOaOrAUySTQJ:nyyS32R7jpWdsAWD8tObV1cCHOaOrAUy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
dbf713e64f0cf5bb6f2127fab23c65c4_JaffaCakes118

Files

dbf713e64f0cf5bb6f2127fab23c65c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

1ad27272fac17eea158982544a3dbd3f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

dhcpcsvc

DhcpAcquireParameters

winmm

timeEndPeriod
timeBeginPeriod

kernel32

InterlockedCompareExchange
SetFilePointer
GetFileSize
CreateMutexA
IsProcessorFeaturePresent
OutputDebugStringA
VerifyVersionInfoA
InterlockedDecrement
PeekNamedPipe
CloseHandle
VerSetConditionMask
TlsGetValue
SetErrorMode
ReleaseMutex
SetNamedPipeHandleState
DeleteFileA
GetVersionExA
LocalAlloc
DeleteCriticalSection
InitializeCriticalSection
TerminateProcess
WaitForSingleObject
FreeLibrary
LocalFree
GetTickCount
ConnectNamedPipe
Sleep
CreateFileA
GetCurrentThread
GetSystemTimeAsFileTime
VirtualAlloc
TransactNamedPipe
VirtualProtect
VirtualFree
LoadLibraryA
InterlockedExchange
GetModuleFileNameA
CreateThread
TlsAlloc
DebugBreak
ReleaseSemaphore
QueryPerformanceFrequency
GetCurrentThreadId
ResumeThread
ReadFile
GetTempPathA
GetLastError
OpenMutexA
lstrcmpA
WriteFile
LeaveCriticalSection
FreeConsole
EnterCriticalSection
GetPrivateProfileStringA
MultiByteToWideChar
InterlockedIncrement
DisableThreadLibraryCalls
GetCurrentProcessId
GetNativeSystemInfo
GetSystemInfo
GetModuleHandleA
SetThreadPriority
ExitThread
WideCharToMultiByte
GetEnvironmentVariableA
TlsSetValue
lstrcpynA
GetProcAddress
WaitNamedPipeA
GetCurrentProcess
CreateNamedPipeA
DisconnectNamedPipe
CreateEventA
CreateSemaphoreA
GetProcessAffinityMask
SetThreadAffinityMask
SetUnhandledExceptionFilter
WaitForMultipleObjects
MoveFileA
FlushFileBuffers
UnhandledExceptionFilter
QueryPerformanceCounter
GetSystemDirectoryA

user32

PtInRect
SetWindowLongA
SetCursor
SystemParametersInfoA
GetSystemMetrics
ChangeDisplaySettingsA
CreateIconIndirect
IsWindowVisible
mouse_event
DestroyIcon
SetWindowPos
GetWindowThreadProcessId
CallWindowProcA
GetWindowDC
ClientToScreen
GetDesktopWindow
GetThreadDesktop
GetWindowLongA
GetForegroundWindow
GetUserObjectInformationA
GetKeyState
GetDC
SetForegroundWindow
IsWindow
GetMonitorInfoA
wsprintfA
IsZoomed
CloseDesktop
SetCursorPos
GetCursorPos
LoadStringA
KillTimer
SetRect
IsIconic
SetTimer
OffsetRect
PostMessageA
DefWindowProcA
ReleaseDC
GetClientRect
ShowWindow
IntersectRect
GetCursor
EnumDisplaySettingsA
SendMessageA
OpenInputDesktop

gdi32

CreateRectRgn
CreateDIBitmap
StretchBlt
DeleteObject
GdiEntry1
DeleteDC
GetDeviceGammaRamp
GetSystemPaletteEntries
GetDIBits
CreateDIBSection
SelectObject
CreateDCA
GdiEntry13
GetRandomRgn
GetDeviceCaps
GetRegionData
GetNearestColor
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
SetStretchBltMode

dinput

DirectInputCreateW

msvcrt

_stricmp
__dllonexit
_strlwr
atoi
_snprintf
malloc
__CxxFrameHandler
calloc
_adjust_fdiv
fopen
isalnum
realloc
qsort
ceil
_initterm
_vsnprintf
fclose
free
_CIpow
sscanf
strchr
sprintf
_except_handler3
fwrite
_onexit
memmove
wcsrchr
_purecall
fflush
_CxxThrowException
strstr
floor

d3d8thk

OsThunkDdResetVisrgn
OsThunkDdDeleteSurfaceObject
OsThunkDdEndMoCompFrame
OsThunkDdGetMoCompFormats
OsThunkDdGetDC
OsThunkDdGetInternalMoCompInfo
OsThunkDdWaitForVerticalBlank
OsThunkDdFlip
OsThunkD3dDrawPrimitives2
OsThunkDdLockD3D
OsThunkDdGetScanLine
OsThunkDdFlipToGDISurface
OsThunkDdCreateSurfaceEx
OsThunkDdSetGammaRamp
OsThunkDdCreateMoComp
OsThunkD3dContextDestroyAll
OsThunkDdDestroySurface
OsThunkDdBlt
OsThunkDdRenderMoComp
OsThunkDdCreateSurface
OsThunkDdCreateD3DBuffer
OsThunkDdQueryDirectDrawObject
OsThunkDdDeleteDirectDrawObject
OsThunkDdAttachSurface
OsThunkD3dContextCreate
OsThunkDdGetBltStatus
OsThunkDdGetDriverState
OsThunkD3dContextDestroy
OsThunkDdUnlock
OsThunkDdCanCreateD3DBuffer
OsThunkDdCanCreateSurface
OsThunkDdGetDriverInfo
OsThunkDdReenableDirectDrawObject
OsThunkDdGetAvailDriverMemory
OsThunkDdQueryMoCompStatus
OsThunkDdGetMoCompGuids
OsThunkDdLock
OsThunkDdReleaseDC
OsThunkDdCreateSurfaceObject
OsThunkDdSetExclusiveMode
OsThunkDdBeginMoCompFrame
OsThunkDdUnlockD3D
OsThunkD3dValidateTextureStageState
OsThunkDdGetFlipStatus
OsThunkDdDestroyMoComp
OsThunkDdDestroyD3DBuffer
OsThunkDdGetMoCompBuffInfo

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

advapi32

InitializeSecurityDescriptor
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSid
InitializeAcl
GetLengthSid
RegDeleteValueA
GetSidSubAuthority
RegOpenKeyExA
RegCloseKey
AddAccessAllowedAce
GetSidLengthRequired
RegQueryValueExA
RegQueryInfoKeyA
RegEnumValueA
RegSetValueExA
RegOpenKeyA

Sections

.textbss
Size: 38KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 392B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1ad27272fac17eea158982544a3dbd3f

Headers

File Characteristics

Imports

dhcpcsvc

winmm

kernel32

user32

gdi32

dinput

msvcrt

d3d8thk

version

advapi32

Sections

.textbss Size: 38KB - Virtual size: 368KB

.text Size: 512B - Virtual size: 428B

.rdata Size: 512B - Virtual size: 32B

.idata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 392B

.rsrc Size: 39KB - Virtual size: 38KB

.textbss
Size: 38KB - Virtual size: 368KB

.text
Size: 512B - Virtual size: 428B

.rdata
Size: 512B - Virtual size: 32B

.idata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 392B

.rsrc
Size: 39KB - Virtual size: 38KB